MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b15150ad60896b077eec3fe3076f76440e38e8c90da4327f78367284742e5289. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara 1 Comments

SHA256 hash: b15150ad60896b077eec3fe3076f76440e38e8c90da4327f78367284742e5289
SHA3-384 hash: b8f3963eb6cdc6811d86f162808ec2ea37ffdfbfde1286d0b3a6ad60ab3244942bde6ba09bf7b24e3c82d9a83d1b5d9c
SHA1 hash: c7a9535b8476c13e706658f9ef4db8683d41f98d
MD5 hash: a99a2d2871a9ddefa98c8d55ce12a16f
humanhash: neptune-berlin-whiskey-echo
File name:arnoidx.exe
Download: download sample
Signature MassLogger
File size:1'069'056 bytes
First seen:2020-06-30 06:00:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4efaaf21b12695f01a3026d85b9437a9
ssdeep 24576:XtIouYueWd3E0/2ttc4ADXH7owqoAxwnbEY:X87617c4A3owXjbEY
TLSH C235D022E2A14833C0521E7D9C3BD6785A36BD1139695A462BF4FD0CAF39FC139162B7
Reporter @Jouliok
Tags:exe MassLogger


Mail intelligence No data
# of uploads 1
# of downloads 29
Origin country GB GB
CAPE Sandbox Detection:n/a
CERT.PL MWDB Detection:n/a
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Injector
First seen:2020-06-26 12:38:50 UTC
AV detection:27 of 31 (87.10%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:masslogger
Tags:ransomware spyware stealer family:masslogger
VirusTotal:Virustotal results 76.39%

Yara Signatures

Rule name:masslogger_gcch

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe b15150ad60896b077eec3fe3076f76440e38e8c90da4327f78367284742e5289

(this sample)

Delivery method
Distributed via web download